package com.xliang.security.xss;

import java.io.InputStream;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

public class AntiSamyDemo
{
    public static void main(String[] args)
        throws Exception
    {
        InputStream prolicyIn = AntiSamyDemo.class.getResourceAsStream("antisamy-ebay.xml");
        Policy policy = Policy.getInstance(prolicyIn);
        AntiSamy as = new AntiSamy();
        String drityInput =
            "<script>alert(1)</script>" + "<a href='#bb' style='z-index:999; width:100%;' onclick='xxx'>，，，aa</a>" + "<iframe src='javascript:xxx'></iframe>" + "<xxx>xxx</xxx>";
        
        // 输出： <a href="#bb" style="width: 100.0%;">aa</a> xxx
        CleanResults cr = as.scan(drityInput, policy, AntiSamy.SAX);
        String cleanResult = cr.getCleanHTML();
        System.out.println(cleanResult);
    }
}
